Yusef, Tyson has already asked the question that I have asked :-) On Sat, Sep 25, 2010 at 10:25 PM, Kingsley Charles < [email protected]> wrote:
> Correct Tyson > > Authentication is configured for radius. Now if NAR rejects user account, > you would get log message informing access denied. But the message thrown on > the > console will be "rejected" not "% Authorization failed". That is where I > missed :-) > > Yusef, > > Did you configure the same user account that you used on the radius server > on the router with priv 15? > > > With regards > Kings > > > On Sat, Sep 25, 2010 at 8:24 PM, Tyson Scott <[email protected]> wrote: > >> If he is doing local authorization no reports will show up in ACS for a >> failure. >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Managing Partner / Sr. Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> >> >> *From:* Kingsley Charles [mailto:[email protected]] >> *Sent:* Saturday, September 25, 2010 3:07 AM >> *To:* Tyson Scott >> *Cc:* yusef sheriff; [email protected] >> >> *Subject:* Re: [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - >> Vol1 Task 5.5 >> >> >> >> Go to Report and Activity and check for the fail attempts log. You can see >> the reason for failure. >> >> Have you configured the user or group for NAR? >> >> >> With regards >> Kings >> >> On Sat, Sep 25, 2010 at 4:04 AM, Tyson Scott <[email protected]> wrote: >> >> If you are doing local authorization do you have the same user with same >> password information configured locally? >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Managing Partner / Sr. Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> >> >> *From:* yusef sheriff [mailto:[email protected]] >> *Sent:* Friday, September 24, 2010 2:02 PM >> *To:* Tyson Scott >> *Subject:* Re: [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - >> Vol1 Task 5.5 >> >> >> >> It's Local. below is aaa config:- >> >> aaa new-model >> ! >> ! >> aaa authentication login default none >> aaa authentication login VTY group radius local >> aaa authorization exec default none >> aaa authorization exec VTY local >> aaa accounting exec VTY start-stop group radius >> >> Regards, >> Yusef >> >> On Fri, Sep 24, 2010 at 9:40 PM, Tyson Scott <[email protected]> wrote: >> >> What do you have configured for aaa exec authorization >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Managing Partner / Sr. Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *yusef sheriff >> *Sent:* Friday, September 24, 2010 1:13 PM >> *To:* [email protected] >> *Subject:* [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - Vol1 >> Task 5.5 >> >> >> >> Dear All, >> >> I am doing Vol1 - Task 5.5 struck up in configuring External database >> configuration. In my ACS server v4.1 not finding *windows authentication >> configuration under external database -> windows user database configuration >> * *page.* However, aaa test is successfully authenticated with radius >> server but if I do the telnet from R5 getting error authorization failed :- >> >> R8#test aaa group radius Ripuser1 p...@ssw0rd legacy >> Attempting authentication test to server-group radius using radius >> User was successfully authenticated. >> >> R8# >> >> -------------------------------------------------------------------------------------- >> R5#telnet 5.8.8.8 >> Trying 5.8.8.8 ... Open >> >> >> User Access Verification >> >> Username: Ripuser1 >> Password: >> % Authorization failed. >> >> Kindly help me.. >> >> Thanks >> >> Regards, >> Yusef >> >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
